Further Reading

Handle authorization

On each request, the LoginCallback.ashx handler and the Http module generate an IPrincipal. Because of that, you can use the following authorization methods:

The declarative [Authorization] protection

The <location path='..'> protection

Code-based checks, for example, User.Identity.IsAuthenticated

Automatically redirect to the login page

If the request is not authenticated, the [Authorize] attribute generates a 401 (Unauthorized) error. If you want to automatically redirect users to the login page, you can use the Forms Authentication module.

Link accounts

To link accounts, you need the logged-in user's Access Token. You can get it from:

<%= ClaimsPrincipal.Current.FindFirst("access_token").Value %>

Did it help?/

Flow the user's identity to a WCF service

If you want to flow the logged-in user's identity to a WCF service or an API, use the responseType: 'token' parameter on the login widget constructor. When the parameter is sent, Auth0 generates an ID Token. You can send the ID Token to your service or use it to generate an ActAs token. The ID Token is a JSON Web Token.

Manage the dev, test and production environments

We recommend that you create one application per environment. For each environment, use a different client ID and secret. To learn more, read about using Auth0 with Microsoft Azure.